1. Field of the Invention
The present invention relates to a method and apparatus for mutual authentication in a Conditional Access System (CAS) including a headend system and a Downloadable Conditional Access System (DCAS). In particular, the present invention relates to a method and apparatus for mutual authentication in the DCAS in which mutual authentication between an authentication server of the headend system and a secure micro (SM) of a DCAS host is performed, and CAS software is then downloaded to the SM.
This work was supported by the IT R&D program of MIC/IITA [2007-S-007-01, The Development of Downloadable Conditional Access System].
2. Description of Related Art
A Conditional Access System (CAS) is a system that grants authority to view a fee-based broadcast only to authenticated subscribers. To provide a fee-based broadcasting service in current digital cable broadcast, a cable card in either a smart card form or a Personal Computer Memory Card International Association (PCMCIA) card form is generally used, depending on how the Conditional Access (CA) application is embodied.
When CAS operating software (CAS Client) is distributed off-line using either the smart card or the PCMCIA card, a predetermined time is required for card reissuance when a CAS defect occurs. This has the disadvantage that quick corrective action is difficult and that card reissuance incurs an additional cost. Recently, to overcome this disadvantage, development of a Downloadable Conditional Access System (DCAS) technique for a two-way cable communication network has become an issue. The DCAS technique differs from the technique in which a CAS provider provides a fee-based broadcasting service by installing the selected CAS software on either a smart card or a PCMCIA card. The DCAS technique instead mounts a secure micro (SM) in which the CAS software may be stored, so that the CAS software can simply be renewed through the two-way cable communication network when a CAS defect occurs or the CAS software is updated.
Also, in the DCAS technique a plurality of Conditional Access (CA) systems is processed with a single SM chip, so that a cable provider is not tied to a specific CAS solution, but may select a CAS provider. Thus, competition among CAS providers may promote development of various types of services. However, when the CAS software is transmitted to a subscriber set-top box that is in an unauthenticated status, the subscriber may illicitly watch the fee-based broadcasting service and an unpredictable situation may occur. Also, when the SM to be mounted in the set-top box does not authenticate an authentication server located in a headend server, a third-party server may mount an attack by spoofing the authentication server 111. Therefore, in order to develop the DCAS, mutual authentication between the authentication server and the SM to be mounted in the set-top box should be performed.
Accordingly, effective mutual authentication in the DCAS may be required to solve the above-described problems.